Open port on TMG 2010

Dears,
I need to open port 1521 for the Oracle listener on my TMG 2010, and have no idea about this.
Can anyone help me please?
Thanks in advance.

Hi,
In general, access rules are used for controlling outbound access. You can create a custom protocol to define the port 1521. As there is only a single port, please enter the same port number in the From and To boxes in New/Edit Protocol Connection dialog box. Then you can create an access rule and choose that protocol.
More information:
Creating an access rule
TMG back to Basics - Part 3: Protocol Definitions
(Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.)
Best regards,
Susie

Similar Messages

  • Can't open ports on TMG 2010

    The main issue is that the external Lync clients can't connect to the Lync server. The reason this happens is blocked ports on TMG.
    There are non-web server publishing rules set up allowing inbound connections from the public IP to the Lync Edge server's external IP using TCP ports: 443, 444, 445, 5061, 50000-59999 (inbound).
    All the rules used to work fine and the external Lync clients were connecting fine, but now when I test the ports on the public IP using web tools (like checkmyports.net) I am getting "Port is Closed" for all of them.
    What is not allowing the ports to be open?
    Nothing has been changed on the TMG server. The other rules (ActiveSync and OWA access) on the TMG work with no problem.
    Any help would be greatly appreciated!

    Hi,
    Thank you for your post here.
    Please double check your configuration via the article below:
    http://ucbeacon.blogspot.com/2013/03/configure-forefront-tmg-2010-as-reverse.html
    Please also check the TMG live logging.
    Best Regards
    Quan Gu

  • TMG 2010- SSL web access via port 2096

    I configured TMG 2010 some time ago with additional SSL ports so that our internal users can access an externally hosted https website on port 2096. It worked fine for almost a year, until today...
    Here is the TMG configuration:
    C:\Users\marcos\Desktop>cscript "show added ports.vbs"
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.
    NNTP: 563-563
    SSL: 443-443
    SSL 2083: 2083-2083
    SSL 2096: 2096-2096
    I could try to recreate the added ports but I'm reluctant to do that because it may require a restart (downtime) and probably won't solve the issue.
    Many thanks for your help!
    Marco S

    Hi,
    are you sure that the configuration of the SSL extension has been lost? Have you looked into the TMG realtime logging to see the reason why the clients cannot access the website over port 2096?
    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote

  • New TMG 2010 servers are not listening for port 443

    Experts,
    We have installed new TMG 2010 servers that are not listening on port 443. We have 2 servers installed in the same subnet. Each server can telnet to itself on port 443 but cannot do so to the other.
    Do we need to create any access rule in TMG to allow this? Please help.
    Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com

    Hi,
    Please check the blog that lists the ports used by TMG.
    Forefront TMG 2010 Protocols and Ports Reference
    http://tmgblog.richardhicks.com/2012/09/10/forefront-tmg-2010-protocols-and-ports-reference/
    Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
    Best Regards,
    Joyce

  • TMG 2010 Array Brings down the entire internal network

    Ok, so this is as weird as it sounds.
    We've been working with ISA and TMG since 2004, and this is the first time I've seen this kind of behavior. Let me explain the details.
    We implemented 3 TMG 2010 Servers in an Array and 2 EMS Servers on Windows Server 2008 R2. Each TMG Server has 4 NICs (Internal, External, DMZ-Intra-array). At first we wanted to enable them with an F5 Hardware Load Balancer, but after weeks of trying to make them work together we couldn't (SNAT and routing related issues), so we tried using Windows NLB but had problems with the Multicast configuration using VMWare, and after some other battles we decided to first try out just using one TMG Server as the main one to try to make it work. The customer we are implementing this for is currently using ISA 2006 and they wanted to upgrade to TMG 2010 using basically the same stuff as their ISA had, so we backed up that configuration and imported it into TMG without problems.
    We added the TMG Servers on the EMS configuration and everything replicated just fine.
    Since they already had IPS, Cisco ASAs and Ironports as Proxy, they decided to disable NIS, Malware inspection, Flood Mitigation and all those things TMG has for better securing Internet traffic.
    The firewall policy rules are about 100 and they have 3 publishing rules to HTTPS Services.
    So after making the necessary configuration changes to the TMG infrastructure, we then decided to unplug the ISA Servers, change the TMG servers' IP Addresses to the ISA Server ones and test to see if everything worked just as ISA Server did. However, it didn't.
    At first we had issues related to slow internet traffic. After troubleshooting for some time we ended up finding out that the Source IP used by TMG was different than the one ISA was using, even if the same IP was configured in the NIC and the other IPs were configured as alternate. We found out after some searching that Windows Server 2008 R2 uses some RFC and manipulates the IP Address on a NIC in a way that 2003 didn't. We found out that we needed to add the other IPs via
    Netsh int ipv4 add address <Interface Name> <ip address> skipassource=true
    After that configuration we got things working fine... for a while. Several hours later, servers started losing connectivity, switches stopped responding and the entire network collapsed! After unplugging the TMG Servers, everything returned back to normal. We thought this was an issue related to drivers or something to do with the VMWare platform, so it was decided to reinstall everything on physical servers.
    After some days of reconfiguring the TMG Servers again, we made the switch again, unplugged the ISA Servers, configured the TMG with the ISA IP Addresses, did the NETSH thing and then tested out everything, and everything worked.
    But again, hours later, the same behavior appeared once more! Servers and switches stopped responding and the entire network went down once more! Again we unplugged the TMG Servers and everything returned back to normal!
    So here we are, back to square one with no clue on what is causing this behavior on the network. The current physical servers are running HP 3666i 4 multiport 10Gb NICs; we don't know if that has something to do with this. Or the fact that the switch core to which the TMG servers are directly connected is a Nexus 7000 and there are some configuration issues with it against the TMG or something. The TMGs are patched with Service Pack 2 Update Rollup 5.
    We are probably going to open a support case with Microsoft for this issue, but we first wanted to see if anyone else may have had, seen or heard something related to this and has an explanation or ideas on why this is happening.
    I appreciate any replies.
    Thank you all.
    Eduardo Rojas

    Hi, I believe your TMG is virtual and NLB is set up. If so, you need to bind the physical switch port with the NLB MAC address in multicast mode. Let's take an example: if your internal NLB physical NIC is connected to switch ports 1 and 2, then you need to manually bind the NLB MAC to ports 1 and 2, and likewise for all NLB-enabled zones. Read up on VMware NLB, as they support multicast in virtual. So do not use unicast in NLB if it's virtual. All should be okay with the above configuration.

  • TMG 2010 Without Edge Transport

    Is it possible to configure TMG 2010 to open port 25 and route Exchange 2010 mail without an Edge Transport server?

    Could it be that you are using the wizard found under the node "E-Mail Policy" in the mmc?
    If so, don't use that; use "Publish Mail Servers" under "Firewall Policy", and when asked if you want to continue the wizard (the step after selecting SMTP as the protocol to be published), answer yes.
    After completing the wizard you should have a regular server publishing rule for SMTP.
    You could also use the wizard "Publish Non-Web Servers" and select SMTP Server as protocol. This will fill your request "open port 25 on TMG".
    Either way you do it, Edge Transport is not required.
    Hth, Anders Janson Enfo Zipper

  • Supporting of Broadcast and Multicast in TMG 2010 !

    I have installed TMG 2010 SP2 on Windows 2008 R2.
    As I have read, TMG blocks both broadcast and multicast.
    Such built-in, one-way-only default behaviour is not right.
    I want to define on my own (as user/admin) whether it is necessary for me or not, so there has to be the ability to switch such an option on/off, for example as checkboxes for each network (address range) defined by default/user: one for broadcast and one for multicast.
    So, please add such functionality to the kernel mode driver and to the service in the next SP or rollup.
    And/or tell me how it is possible to switch it on in TMG 2010 SP2 and later.
    There are some important services relying on broadcast: NetBIOS, DHCP, some Aladdin hardkey protection, some special software.
    If one of the MS technicians sends a registry parameter for this or a specially designed driver, it will all be under my responsibility only.

    I didn't find a Threat Management Gateway topic at https://connect.microsoft.com/directory
    Please open such a topic at https://connect.microsoft.com/directory.
    I will post the suggestion, or you can do so on your own.
    I see this as follows: the next rollup adds two checkboxes and two array input fields for each rule: a multicast traffic checkbox with an array where some (one or more) IP addresses can be put, and a broadcast traffic checkbox, also with an array input (for example 192.168.0.255 and 255.255.255.255 - both IPs, not masks).
    For example, I want to allow out/in (from LocalHost/to LocalHost) broadcast for the NetBIOS services on ports 137 and 138, but drop out/in DHCP broadcast, and allow out only the Sentinel HASP License Manager, which uses port 1947 broadcast. Of course, this example is for/from the internal net only.
    So admins/users of TMG can define on their own, or decide, whether it is necessary at all and which rule/rules it is necessary for.
    A warning message can appear if the admin sets the multicast and/or broadcast checkbox for an external net (different from LAN and localhost), but if it is necessary the admin can continue anyway.
    Or maybe make global settings (also 2 checkboxes and 2 array input controls), but if it is set to on, multicast/broadcast will be allowed if an appropriate allowing rule (for example for NetBIOS) exists; if a drop DHCP rule exists in addition to the NetBIOS allowing rule, multicast/broadcast will be allowed for NetBIOS and will not be dropped for DHCP.
    And some changes are necessary in the kernel mode driver, as I suppose.
    I can become a first tester. :))))))))
    P. S.: At the moment even outgoing traffic with a sender IP of LocalHost (for example 192.168.0.100) and a destination IP of broadcast (192.168.0.255) is blocked as well.

  • Open ports in zones

    I am encountering a strange behavior in new zones created using zonemgr 2.0.6 (this is the only way I create zones, so I do not know if the issue is more general). When I create a new zone, two strange things are happening:
    1. Immediately after the zone is created, no services are running, not even ssh
    2. About 10 minutes later, a whole bunch of services are running. Most of these are not running on the global zone.
    For reference, nmap output on the global zone is the following:
    [dcomsm1@dcomsm1:~] $ nmap t2000
    Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-28 20:51 EST
    Interesting ports on 131.247.16.134:
    Not shown: 991 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    111/tcp open rpcbind
    2161/tcp open apc-agent
    3052/tcp open powerchute
    4045/tcp open lockd
    32774/tcp open sometimes-rpc11
    32775/tcp open sometimes-rpc13
    32776/tcp open sometimes-rpc15
    32777/tcp open sometimes-rpc17
    The new zone is created using the following zonemgr arguments:
    [root@t2000:~/zonecfgs] # more ./temp.sh
    #!/usr/bin/bash
    ./zonemgr -a add -n drenkhah -z "/export/zones" -P "root_pw" -I "131.247.16.159|e1000g0|25|drenkhah" -R "/root|/usr/bin/bash" -s "basic|lock"
    zone creation output is as follows:
    [root@t2000:~/zonecfgs] # ./temp.sh
    Checking to see if the zone IP address (131.247.16.159) is already in use...IP is available.
    cannot create '/drenkhah': leading slash in name
    chmod: WARNING: can't access /export/zones/drenkhah
    chown: /export/zones/drenkhah: No such file or directory
    Zone drenkhah will be placed in the following directory: /export/zones/drenkhah
    Preparing to install zone <drenkhah>.
    Creating list of files to copy from the global zone.
    Copying <2568> files to the zone.
    Initializing zone product registry.
    Determining zone package initialization order.
    Preparing to initialize <1042> packages on the zone.
    Initialized <1042> packages on zone.
    Zone <drenkhah> is initialized.
    The file </export/zones/drenkhah/root/var/sadm/system/logs/install_log> contains a log of the zone installation.
    Creating the sysidcfg file for automated zone configuration.
    Booting zone for the first time.
    Waiting for first boot tasks to complete.
    Waiting for automatic post-install reboot to complete
    Updating netmask information.
    Updating /etc/inet/hosts of the global zone with the drenkhah IP information.
    Generating ssh host keys. Details in the (/root/.zonemgr/zone28330-ssh.log) file.
    svcadm: Pattern 'svc:/network/ssh' doesn't match any instances
    Setting the root user's home directory to /root
    Setting the root user's shell to /usr/bin/bash
    Disabling un-necessary services via basic method for the default services.
    Zone drenkhah is complete and ready to use.
    nmap output just after creating the zone is as follows:
    [dcomsm1@dcomsm1:~] $ nmap drenkhah
    Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-28 17:53 EST
    All 1000 scanned ports on 131.247.16.159 are closed
    Nmap done: 1 IP address (1 host up) scanned in 29.39 seconds
    nmap output 17 minutes later is as follows:
    [dcomsm1@dcomsm1:~] $ nmap drenkhah
    Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-28 18:10 EST
    Interesting ports on 131.247.16.159:
    Not shown: 986 closed ports
    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    23/tcp open telnet
    25/tcp open smtp
    79/tcp open finger
    111/tcp open rpcbind
    513/tcp open login
    514/tcp open shell
    587/tcp open submission
    4045/tcp open lockd
    6112/tcp open dtspc
    6788/tcp open unknown
    6789/tcp open ibm-db2-admin
    7100/tcp open font-service
    Nmap done: 1 IP address (1 host up) scanned in 29.25 seconds
    Note that there are many open ports
    # uname -a
    SunOS t2000 5.10 Generic_137137-09 sun4v sparc SUNW,Sun-Fire-T200
    Thanks
    Manish

    The Leopard OS X firewall is application based and not port based. Honestly, I haven't played with it enough to know for certain how to answer your question.
    But... when you do connection sharing, you're essentially doing a port based NAT for the systems on the other side of your Mac. This pretty much keeps you from initiating anything to the other system even without a local firewall unless you were to configure port forwarding.
    As for blocking packets, you would need to use the 'ipfw' command to do things at the port level.
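The three nmap listings in the zone question above can be compared mechanically. The following is an added example, not part of the original posts: it parses the port tables quoted there and reports what opened in the zone after creation, what is open in the zone but not on the global zone, and which of those are cleartext remote-access services. The `CLEARTEXT` review list and all function names are assumptions made for this illustration.

```python
import re

# Port tables copied from the three scans quoted in the post above.
GLOBAL_ZONE = """\
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
2161/tcp open apc-agent
3052/tcp open powerchute
4045/tcp open lockd
32774/tcp open sometimes-rpc11
32775/tcp open sometimes-rpc13
32776/tcp open sometimes-rpc15
32777/tcp open sometimes-rpc17
"""
ZONE_AT_CREATION = "All 1000 scanned ports on 131.247.16.159 are closed\n"
ZONE_LATER = """\
Not shown: 986 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
79/tcp open finger
111/tcp open rpcbind
513/tcp open login
514/tcp open shell
587/tcp open submission
4045/tcp open lockd
6112/tcp open dtspc
6788/tcp open unknown
6789/tcp open ibm-db2-admin
7100/tcp open font-service
"""

# Assumption: a local review list of cleartext remote-access services.
CLEARTEXT = {"ftp", "telnet", "finger", "login", "shell"}

# One row of nmap "normal" output: <port>/<proto> <state> <service>
PORT_LINE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")


def parse_open_ports(scan_text):
    """Map (port, proto) -> service name for every 'open' row in a scan."""
    ports = {}
    for line in scan_text.splitlines():
        match = PORT_LINE.match(line)
        if match and match.group(3) == "open":
            ports[(int(match.group(1)), match.group(2))] = match.group(4)
    return ports


def newly_open(before_text, after_text):
    """Ports open in the later scan that were not open in the earlier one."""
    before = parse_open_ports(before_text)
    after = parse_open_ports(after_text)
    return {key: svc for key, svc in after.items() if key not in before}


def only_in(target_text, baseline_text):
    """Ports open on the target that the baseline host does not expose."""
    return newly_open(baseline_text, target_text)


def cleartext_services(ports):
    """Sorted port numbers whose service name is on the review list."""
    return sorted(port for (port, _), svc in ports.items() if svc in CLEARTEXT)


if __name__ == "__main__":
    opened = newly_open(ZONE_AT_CREATION, ZONE_LATER)
    zone_only = only_in(ZONE_LATER, GLOBAL_ZONE)
    print("opened since zone creation:", sorted(p for p, _ in opened))
    print("open in zone, not on global zone:", sorted(p for p, _ in zone_only))
    print("cleartext services to review:", cleartext_services(zone_only))
```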

  • How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking

    How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking. I have put the IIS setting X-Frame-Options:SAMEORIGIN on my Internal CAS Server. However as the OWA page is published through Forefront TMG 2010, the iFrame tag is not blocked when the page is first opened. Only when you login with your credentials to the OWA page inside the frame and the page reaches IIS on the Internal CAS it gets blocked. I want to block it in the first instance when it is opened from TMG.

    Hi,
    Thank you for the post.
    To modify the http header, please refer to this blog:
    http://tmgblog.richardhicks.com/2009/03/27/using-the-isa-http-filter-to-modify-via-headers-and-prevent-information-disclosure/
    Regards,
    Nick Gu - MSFT
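The gap described in the question above (the page served before login carries no framing restriction, while pages from the internal CAS do) can be verified from captured response headers. The following is an added example, not part of the original posts: it decides per response whether framing is restricted, using `X-Frame-Options` and the CSP `frame-ancestors` directive, and lists the responses that are still frameable. The sample responses and their labels are constructed for illustration.

```python
def framing_policy(headers):
    """Return (protected, reason) for one response's headers.

    CSP frame-ancestors takes precedence over X-Frame-Options when both
    are present, so it is evaluated first.
    """
    h = {name.lower(): value.strip() for name, value in headers.items()}

    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [p.lower() for p in parts[1:]]
            # An empty source list matches nothing, same as 'none'.
            if not sources or sources == ["'none'"]:
                return True, "csp frame-ancestors 'none'"
            if any(s in ("*", "http:", "https:") for s in sources):
                return False, "csp frame-ancestors allows arbitrary origins"
            return True, "csp frame-ancestors " + " ".join(sources)

    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "x-frame-options " + xfo
    if xfo.startswith("ALLOW-FROM"):
        return False, "x-frame-options ALLOW-FROM is ignored by current browsers"
    return False, "no framing restriction"


def unprotected_responses(responses):
    """Labels of the responses in a captured session that can still be framed."""
    return [label for label, headers in responses
            if not framing_policy(headers)[0]]


# Constructed sample: headers as they might be captured from outside for the
# two stages the question describes. Labels and values are illustrative.
SAMPLE_SESSION = [
    ("logon form served at the TMG (pre-auth)",
     {"Content-Type": "text/html", "Cache-Control": "no-cache"}),
    ("OWA page from the internal CAS (post-auth)",
     {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"}),
]

if __name__ == "__main__":
    for label, headers in SAMPLE_SESSION:
        protected, reason = framing_policy(headers)
        print(("OK   " if protected else "GAP  ") + label + ": " + reason)
```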

  • Unable to install Forefront TMG 2010 on Server 2008 R2 with SP1

    Hi, I am installing TMG 2010 on Server 2008 R2 with Service Pack 1, and I am getting the error shown in the snapshot below. Kindly help me out.

    Hi Deepak
    Thanks a lot for your quick response. Please find below the logs which I found in C:\Windows\Temp. There are three text files in this folder. I have pasted the contents of the three files below.
    14:14:02 INFO:    Installer activated, command-line=''
    14:14:02 INFO:    Expanded full extraction path of SQL Express 2008 SP1 Package is 'C:\Windows\temp\{196A1AC7-AE04-46AA-8CB3-196D6F4760C0}'.
    14:14:02 INFO:    Install scenario
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: Upgrade code is not set
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: Upgrade code is not set
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
    14:14:02 ERROR:    CSSEInstaller::GetInstanceId failed to open reg key 'SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
    14:14:02 INFO:    CSSEInstaller::Prepare: Failed to get the instace id of MSFW
    14:14:02 ERROR:    CSSEInstaller::GetInstanceId failed to open reg key 'SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
    14:14:02 INFO:    CSSEInstaller::Prepare: Failed to get the instace id of ISARS
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: Upgrade code is not set
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
    14:14:02 INFO:    Installing ISA (Core components)...
    14:14:02 INFO:    CFirewallInstaller: Activating installation, command line args = '-I "F:\FPC\MS_FPC_Server.msi "WRAPPER=1 ARPSYSTEMCOMPONENT=1 MEDIAPACKAGEPATH=\FPC\ REBOOT=ReallySuppress'
    14:14:16 ERROR:    Setup failed. Error returned: 0x643
    14:14:16 ERROR:    CBasicInstaller: Install failed, hr=0x80070643
    14:14:16 ERROR:    Installation failed. hr = 0x80070643
    14:14:16 ERROR:    Installation failed, hr=0x80070643
    14:14:16 ERROR:    InstallProducts: Install ISA (Core components) failed, hr=0x80070643
    14:14:26 ERROR:    Wrapper: Install failed, hr = 0x80070643
    14:14:26 ERROR:    Wrapper: DoSetup failed, hr = 0x80070643
    14:14:26 ERROR:    Wrapper: DoSetup failed, hr = 80070643
    14:14:26 ERROR:    Setup of ISA failed. Return value: SETUP_ERROR_ISA
    IInd File
    14:14:10 ISA setup CA INFO   : ENTRY: ValidateSKU, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:10 ISA setup CA INFO   : OriginalDatabase = F:\FPC\MS_FPC_Server.msi
    14:14:10 ISA setup CA INFO   : This is EE installation
    14:14:10 ISA setup CA INFO   : EXIT: ValidateSKU, Custom Action succeeded
    14:14:10 ISA setup CA INFO   : ENTRY: SetServerServiceRunning, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:10 ISA setup CA INFO   : Service lanmanserver is running
    14:14:10 ISA setup CA INFO   : EXIT: SetServerServiceRunning, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: PropertyAssign, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : FW Services feature state: -1
    14:14:11 ISA setup CA INFO   : EXIT: PropertyAssign, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: SetDotNetInstalledProperty, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : EXIT: SetDotNetInstalledProperty, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: SetRebootRequiredBeforeInstallationProperty, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : CheckExistValue failed. key = PendingFileRenameOperations.
    14:14:11 ISA setup CA INFO   : FOpenKey failed. key = SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired.
    14:14:11 ISA setup CA INFO   : FOpenKey failed. key = SOFTWARE\Microsoft\Updates.
    14:14:11 ISA setup CA INFO   : EXIT: SetRebootRequiredBeforeInstallationProperty, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: SetISARegistrySettingsForCOM, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : VerifyPropertyEqualValue: Property Sku =
    14:14:11 ISA setup CA INFO   : EXIT: SetISARegistrySettingsForCOM, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: Set_RrasIsVpn, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : RRAS is configured as VPN.
    14:14:11 ISA setup CA INFO   : EXIT: Set_RrasIsVpn, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: EE_ValidatePropertiesSyntax, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : Checking the length of properties
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ENTERPRISE_NAME length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ENTERPRISE_DESCR length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property STORAGESERVICE_ACCOUNT length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property STORAGESERVICE_PWD length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property STORAGESERVER_CONNECT_ACCOUNT length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property STORAGESERVER_CONNECT_PWD length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ARRAY_NAME length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ARRAY_DESCR length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ARRAY_DNS_NAME length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property REPLICATION_SOURCE_PATH length < 260
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ARRAY_ENTERPRISEPOLICY length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property CLIENT_CERTIFICATE_FULLPATH length < 260
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property SERVER_CERTIFICATE_FULLPATH length < 260
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property SERVER_CERTIFICATE_PASSWORD length < 32
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property FULLPATHANSWERFILE length < 260
    14:14:11 ISA setup CA INFO   : Length of all properties is correct
    14:14:11 ISA setup CA INFO   : Checking the syntax of some properties
    14:14:11 ISA setup CA INFO   : Syntax condition of all properties is correct
    14:14:11 ISA setup CA INFO   : Checking the syntax of the MSIPROP_ARRAY_INTERNALNET properties
    14:14:11 ISA setup CA INFO   : Syntax of the properties internal range property is correct
    14:14:11 ISA setup CA INFO   : Checking the syntax of the property ARRAY_INTERNALNET_ENT_NETS
    14:14:11 ISA setup CA INFO   : Syntax of the property ARRAY_INTERNALNET_ENT_NETS is correct
    14:14:11 ISA setup CA INFO   : Checking the syntax of the property INTRA_ARRAY_ADDRESS_IP
    14:14:11 ISA setup CA INFO   : Checking the syntax of the property HOST_ID
    14:14:11 ISA setup CA INFO   : Checking the existance of files in properties
    14:14:11 ISA setup CA INFO   : All properties that contain files exist
    14:14:11 ISA setup CA INFO   : EXIT: EE_ValidatePropertiesSyntax, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: ValidateRDPAddressType, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : TMG remote installation uses IPV4 connection
    14:14:11 ISA setup CA INFO   : EXIT: ValidateRDPAddressType, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: GetEnvParams, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : The machine does not belong to any domain
    14:14:11 ISA setup CA INFO   : EXIT: GetEnvParams, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: CalculateFirstDialog, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']
    14:14:11 ISA setup CA INFO   : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']
    14:14:11 ISA setup CA INFO   : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']
    14:14:11 ISA setup CA INFO   : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']
    14:14:11 ISA setup CA INFO   : First Dialog in the flow: FirstDialog = InstallWelcome
    14:14:11 ISA setup CA INFO   : EXIT: CalculateFirstDialog, Custom Action succeeded
    14:14:13 ISA setup CA INFO   : ENTRY: CalculateNextDialog, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:13 ISA setup CA INFO   : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']
    14:14:13 ISA setup CA INFO   : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']/Dialog[@name='LicenseAgreement']
    14:14:13 ISA setup CA INFO   : Next dialog in the flow is: NextDialog = LicenseAgreement
    14:14:13 ISA setup CA INFO   : EXIT: CalculateNextDialog, Custom Action succeeded
    14:14:15 ISA setup CA INFO   : ENTRY: CalculateNextDialog, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:15 ISA setup CA INFO   : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']/Dialog[@name='LicenseAgreement']
    14:14:15 ISA setup CA INFO   : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']/Dialog[@name='LicenseAgreement']/Dialog[@name='CustomerInformation']
    14:14:15 ISA setup CA INFO   : Next dialog in the flow is: NextDialog = CustomerInformation
    14:14:15 ISA setup CA INFO   : EXIT: CalculateNextDialog, Custom Action succeeded
    14:14:16 ISA setup CA INFO   : ENTRY: ValidatePIDGenX, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:16 ISA setup CA INFO   : OriginalDatabase = F:\FPC\MS_FPC_Server.msi
    14:14:16 ISA setup CA ERROR  : LoadLibrary(F:\FPC\Program Files\Microsoft ISA Server\msfpcPidGenX.dll) failed, ec=193
    14:14:16 ISA setup CA ERROR  : Setup failed while validating Product ID.
    14:14:16 ISA setup CA ERROR  : (Error 28021) Setup failed while validating Product ID.
    14:14:16 ISA setup CA ERROR  : EXIT: ValidatePIDGenX, Custom Action failed (0x643)
    IIIrd File
    Logging stopped: 4/7/2014  14:14:16 ===
    MSI (c) (E4:34) [14:14:16:224]: Note: 1: 1708
    MSI (c) (E4:34) [14:14:16:224]: Product: Microsoft Forefront Threat Management Gateway EE  -- Installation operation failed.
    MSI (c) (E4:34) [14:14:16:224]: Windows Installer installed the product. Product Name: Microsoft Forefront Threat Management Gateway EE . Product Version: 7.0.7734. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status:
    1603.
    MSI (c) (E4:34) [14:14:16:224]: Grabbed execution mutex.
    MSI (c) (E4:34) [14:14:16:224]: Cleaning up uninstalled install packages, if any exist
    MSI (c) (E4:34) [14:14:16:224]: MainEngineThread is returning 1603
    === Verbose logging stopped: 4/7/2014  14:14:16 ===
    Below error Code I got from Application Event
    Product: Microsoft Forefront Threat Management Gateway EE  -- Setup failed while validating Product ID.
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events
    cannot be delivered through this filter until the problem is corrected.

  • TMG 2010 to connect Branch Office

    We have TMG 2010 installed as a proxy solution. Recently we opened a new branch office, but they are unable to reach the internet through the proxy. I have added the route add command on the TMG Server.
    route add 10.24.84.0 mask 255.255.255.224 10.24.30.20 -p           - Branch 1
    route add 10.24.86.0 mask 255.255.255.224 10.24.30.20 -p                           - Branch 2
    10.24.30.20 is our core router IP...
    Is there any configuration required on the core router and branch office router? Branch office users can access all server services except the proxy solution. Please advise.

    Hi,
    In your branch office, you need to ensure that the internal branch office subnet is able to reach the TMG server. You need a route to the TMG network from the branch office on the branch office router.
    TMG should have a route to reach the branch office network.
    Add the branch office subnet as internal in the TMG network range.

  • Publish a monitoring camera through TMG 2010

    Hi, I have a monitoring IP camera inside my LAN which I want to publish through TMG 2010 to access from outside. The camera has a built-in web server running (currently) on port 80. Inside the LAN (no restrictions) everybody who has a login to the cam can watch. So the cam is working pretty well. Now I created a web publishing rule in TMG 2010 for the cam but it seems not to be enough. I can easily connect to the log-on screen of the cam, I can log in, but then I get an empty (black) picture (the cam health light on the screen is yellow instead of green, which means the video is not working)! No stream is visible. The cam should not use any other (additional) ports; I checked that by using Wireshark. What can be the problem that makes TMG block the stream?

    Hi,
    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
    Best regards,
    Susie

  • TMG 2010 SP2 Rollup 5 - None Available Worker threads

    Hi Guys,
    We're experiencing some problems with our TMG 2010 Array (SP2 Rollup 5), and the first thing I can see is that the "Available Worker Threads" are 0 many times during the day. How can I debug this issue further to find the root cause?
    Best Regards
    Federico Giampietri Latamsupport IT Infrastructure Services

    Hi,
    >>"Available Worker Threads" are 0 many times during the day.
    Could you see any other abnormal symptom in TMG?
    The issue in the KB below has a symptom that "The Available Worker Threads counter in the Forefront TMG Firewall Service may suddenly decrease to zero". But this has been fixed in Rollup 5. If you still have the same issue after
    installing Rollup 5, you may need to open a case with Microsoft.
    FIX: Server that's running Forefront Threat Management Gateway 2010 stops accepting all new connections and becomes unresponsive
    Best Regards,
    Joyce

  • FedEx Ship Manager Through TMG 2010

    Shipping Dept needs to connect to FedEx through the FedEx Ship Manager software to download tracking numbers. TMG 2010 appears to be blocking the traffic. All traffic to FedEx must use Port 443.
    One rule allows traffic to the following sites from the shipping dept computer. The next rule denies traffic to the sites.
    The DNS address and port of the FedEx Tunnel Gateway Server is: cafegip.ts.dmz.fedex.com:443
    IP addresses for the FedEx tunnel server cluster are:
    199.81.196.27 (sni-vip1.dmz.fedex.com)
    199.81.197.170 (sni-vip2.dmz.fedex.com)
    199.81.216.140 (sni-vip3.dmz.fedex.com)
    199.81.217.140 (sni-vip4.dmz.fedex.com)
    199.81.216.60 (sni-vip-wtc-temp.dmz.fedex.com becoming sni-vip4.dmz.fedex.com)
    204.135.8.17 (sni-vip5.dmz.fedex.com)
    204.135.8.16 (sni-vip6.dmz.fedex.com)
    Has anyone found a way to make this work?

    The answer appears to be that TMG 2010 was allowing SSL v2 traffic and the receiving system (FedEx) was rejecting that traffic.
    Resources used to solve the issue are listed below.
    http://blog.msedge.org.uk/2011/12/forefront-tmguag-useful-tools-and.html
    http://support.microsoft.com/kb/982876/en-us
    http://support.microsoft.com/kb/2545464/en-us
    Download and apply RemoveWeakVersions2k8.reg from here: https://skydrive.live.com/?cid=A2E64DE91BFCAD09&id=A2E64DE91BFCAD09%21527
    Download and apply SetNetBTNodeType.reg from here: https://onedrive.live.com/?cid=A2E64DE91BFCAD09&id=A2E64DE91BFCAD09!527
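
The wire-level difference behind the SSL v2 diagnosis above, as an added example that is not part of the original post: a small classifier for the first bytes a client sends on port 443, usable on bytes copied out of a packet capture. The function names and the sample handshakes are constructed for illustration.

```python
import struct

def classify_client_hello(data: bytes) -> str:
    """Classify the first bytes a client sends when opening an SSL/TLS session."""
    if len(data) < 5:
        return "too short"
    # SSLv3/TLS record: content type 0x16 (handshake), major version 3,
    # minor version, 2-byte length, then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03:
        if len(data) >= 6 and data[5] == 0x01:
            return f"TLS-record ClientHello (record version 3.{data[2]})"
        return "TLS handshake record, not a ClientHello"
    # SSLv2 record: 2-byte header with the high bit set and a 15-bit length,
    # then message type 1 (CLIENT-HELLO) and the highest version offered.
    if data[0] & 0x80 and data[2] == 0x01:
        major, minor = data[3], data[4]
        if (major, minor) == (0, 2):
            return "SSLv2 ClientHello (offers SSL 2.0 only)"
        return f"SSLv2-format ClientHello (offers up to {major}.{minor})"
    return "unknown"

def build_v2_hello(major: int, minor: int) -> bytes:
    """Build a constructed SSLv2-format CLIENT-HELLO for testing the classifier."""
    cipher_specs = bytes.fromhex("010080")   # one 3-byte SSLv2 cipher spec
    challenge = bytes(16)                    # all-zero challenge (constructed)
    body = struct.pack(">BBBHHH", 1, major, minor,
                       len(cipher_specs), 0, len(challenge))
    body += cipher_specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

# Constructed samples: a pure SSLv2 hello, an SSLv2-framed hello that offers
# TLS 1.0, and the start of a TLS-record ClientHello.
SAMPLES = {
    "sslv2_only": build_v2_hello(0, 2),
    "v2_framed_tls10": build_v2_hello(3, 1),
    "tls_record": bytes.fromhex("16030100050100000100"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:16} {classify_client_hello(raw)}")
```

A server that refuses SSL 2.0 may drop either of the first two forms, so after applying the registry change a fresh capture should show only the TLS-record form.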

  • Lync 2013 clients behind TMG 2010

    Hi
    My scenario is as follows:
    Lync Client 2013 --> TMG 2010 --> ISP Router (without filtered ports)
    I have a problem with this scenario because TMG drops my voice calls and suddenly drops my connection with the server. In TMG I created the following rule:
    From internal to external, and URL Set (*.microsoftonline.com,
    *.microsoftonline-p.com, *.onmicrosoft.com, sharepoint.com, *.outlook.com)
    Protocols: http, https, RTP, SIP, Sip Server, Sips, Sips Server,
    50040-50059 TCP Outbound
    50000-50019 UDP Send Receive
    3478 UDP Send Receive
    59999 UDP Send Receive
    50020-50039 UDP Send Receive
    So what is the problem with this TMG 2010 (with all updates, SPs and rollups)?
    Thanks

    Hi,
    The following blog might help.
    http://www.jaapwesselius.com/2012/12/21/publish-lync-2013-services-in-tmg-2010/
    (Note: Microsoft provides third-party contact information to help you find technical support. This contact
    information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
    Best Regards,
    Joyce
